OP has posted (and re-posted) about Bluesky about 40 times in the last 48 hours. I’m down voting every single one. Quit shilling for billionaires.

check out Give up Baby Go by Peach Pit - if you like it you’ll probably like their discography.

and if you’re technically capable, self host and share with friends/family. fuck corporate greed

I’ve been praying for an Open source Apex clone that can be self-hosted. A man can dream.

Genuinely curious, because this isn’t my area of expertise, but how do you design a server to be “better” if it has to trust data from a remote client?

Example, if the client is compromised - because as they’ve said, they have no way to “attest” that the kernel is not compromised - how would the server know any better?

If my Apex client tells the server I got a perfect headshot, how would the server know I didn’t fake the data? Is there a real answer to this problem or are we just wishing they come up with an impossible solution?

My general understanding is that EA is 100% correct. Now, on the other hand, maybe the should just limit plays between Linux <-> Linux so people can at least still enjoy the game (I’m moving to Linux soon so I’ll basically no longer be able to play the game, which is, as my primary gaming addiction, a huge loss I’m willing to take).

There’s compromises EA could take, but I think the Linux market share is just too small for them to care to spend any resources - even though they’re raking in billions (~$3.4 Billion) and could spare a few resources to find a good middle ground. Capitalism at it’s finest.

Link to source on the fediverse/mastodon: https://mastodon.archive.org/@internetarchive/112513905401989149

🦧 approved

X? The only “X” i recognize is DMX, R.I.P.

Yes, but nobody expects modern encryption on legacy services like email. Should email be end-to-end encrypted? Absolutely, but that’s completely unrelated to private 1-1 and group messaging.

But Telegram isn’t private/secure by default. By default everything is stored on their servers in an way that’s accessible to admins, whoever buys them or infiltrates their infra - YIKES

Yes I’m still very unhappy over Allo.

Same, it had so much potential, but seems to have been poorly managed.

You’re right, Signal is not P2P. The way Signals messaging pipeline works is like this - note I’m oversimplifying it for accessibility.

Sending a message to Bob

1. You press Send.
2. The message is encrypted on your device with a key that can only be unlocked by Bob.
3. The message is then “sealed” so that there’s only a “deliver to” field visible (not a “from”).
4. The “deliver to” field is addressed with a hashed/salted label for Bob - this means Signal’s server can see its a unique user, but not what their name is.
5. The message is finally sent to Signal’s servers.
6. Your message sits on Signals servers until it can be delivered to the intended recipient.

you can’t really do user lookups without some sort of middleware in the cloud.

See their blog post about Private Contact Discovery, they’ve spent a long time figuring out how to engineer a method to know as little as possible about you.

I’ve posted this previously, but I’ll repost again because I think its important people are aware when making a decision on a secure messenger.

======== Original Post: https://lemmy.ml/comment/1615043

Sessions developers dropped Signal’s Perfect Forward Secrecy (PFS) and deniability [0] security features. Personally I would not trust a product that drops an end-user security feature for the sake of making the developer’s life easier [1] .

Using existing long-term keypairs in place of the Signal protocol massively simplifies 1-1 messaging.

For those unaware, PFS protects your data/messages from future exploits and breaches. With PFS, each message’s encryption is isolated, preventing compromise of current and past interactions [2].

A simple example to illustrate why PFS is beneficial. Lets assume any 3 letter agency is collecting all Signal/Session messages - on top of the tons of data they’re already capturing. The great thing is that your messages are encrypted, they can’t see anything - YAY - but they’re storing them basically forever.

Two ways they may be able to compromise your privacy and view ALL your messages:

1. A flaw is discovered that allows them to crack/brute force the encryption in weeks instead of years/decades/eternity. If you were using Sessions, because you use the same key for every message, they now have access to everything you’ve ever said. If you were using Signal, they have access to that one message and need to spend considerable resources trying to crack every other message.

2. Your phone is compromised and they take your encryption keys. If you were using Sessions, this again gives them access to your entire message history. If you were using Signal, because the keys are always rotating (known as ephemeral) they can only use them to unlock the most recent received messages.

It’s important to state that both cases above only really matter if you delete your messages after a certain time. Otherwise, yes, all they have to do is take your phone and get access to your entire message history - which is why ephemeral messaging (i.e. auto deleting messages after a certain time) is crucial if you suspect you may be targeted.

[0] https://getsession.org/blog/session-protocol-explained

[1] https://getsession.org/blog/session-protocol-technical-information

[2] https://www.signal.org/blog/advanced-ratcheting/

Meredith Whittaker? Artificial Intelligence researcher [0], not ex-Google exec, Meredith Whittaker who “led global walkouts” [1] against Google? Meredith Whittaker who “helped lead employee protests at Google over the search giant’s military work, artificial intelligence and policies” [2], Meredith Whittaker?

If that’s who you’re talking about, they chose the right person to lead a project that goes completely against the silicon valley M.O. of selling your private data to the highest bidder or mining it to sell ads. Her actions have demonstrated she isn’t afraid of speaking up or pushing back against “the hand that feeds you”, even at risk of being retaliated.

[0] https://www.forbes.com/sites/samshead/2019/04/23/google-a-i-researcher-says-shes-being-punished-for-organising-a-mass-walkout/

[1] https://news.sky.com/story/google-walkout-leader-meredith-whittaker-leaves-company-following-claims-of-retaliation-11764114

[2] https://finance.yahoo.com/news/google-protest-leader-meredith-whittaker-015305645.html

I think someone wanted to tank signal. Got tired of funding it probably.

This take doesn’t make any sense. Signal is funded by a non-profit and has tons of money that allows them to not worry about funding in the near feature. There is nobody to “get tired of funding” them.

“but we get paid so much more” /s. I’ve heard this before from people in the tech sector, ignoring the fact that should the shit hit the fan we Americans have no social programs to assist us. I’d take half my pay to get what people in Europe are guaranteed.

personally love the direction Signal is heading but would be happy to not have “all my eggs in one basket”, as well as diversifying the open source E2EE communication options.

Dead to me 💁‍♂️